Staff Security Engineer, Firmware Security

What Youll Do:

The Security Engineering organization at CoreWeave is responsible for keeping the CoreWeave Cloud secure by designfrom our data centers and GPU fleets all the way up to the platform layers that power our customers AI workloads. The Firmware Security function sits at the intersection of hardware platform engineering and infrastructure security ensuring that the low-level software that runs on our servers GPUs and networking gear is trustworthy up to date and resilient to compromise.

This team defines and enforces the standards for secure firmware across our global fleet builds the tooling to validate and attest device state at scale and partners closely with data center operations and engineering teams to roll out changes safely. If youre excited about securing BMCs BIOS/UEFI GPU and NIC firmware in massive AI clusters this is the team to join.

About the Role:

As a Staff Firmware Security Engineer you will be the technical lead for firmware security across CoreWeaves infrastructure. Youll design and drive the strategy for secure boot firmware signing attestation and fleet-wide governance of firmware across servers GPUs and critical infrastructure devices. Youll work hands-on with engineering teams hardware vendors and data center technicians to identify risks ship durable controls and respond to emerging threats in the firmware and hardware ecosystem. Your work will directly influence how securely we operate some of the largest GPU fleets in the world.

In this role you will:

• Define the end-to-end firmware security architecture for CoreWeaves server GPU and networking platforms including root-of-trust secure boot and attestation flows.
• Design and implement secure boot and measured boot strategies across host BMC and accelerator firmware leveraging TPM/TPM2 and hardware roots of trust.
• Build and maintain tooling and automation to inventory firmware validate signatures and policies manage firmware SBOMs and enforce version baselines across large fleets.
• Partner with platform infrastructure and data center engineering teams to design safe rollout mechanisms for firmware updates including canarying rollback strategies and blast-radius controls.
• Perform threat modeling design reviews and code reviews for firmware-related components and low-level platform software identifying and mitigating security risks early in the lifecycle.
• Lead deep-dive investigations into firmware vulnerabilities and anomalous device behavior coordinating incident response and remediation across cross-functional teams.
• Engage with hardware and OEM partners (e.g. server GPU and NIC vendors) to influence their security roadmaps validate security features and integrate vendor tooling into CoreWeaves controls.
• Collaborate with Security Engineering peers to integrate firmware security signals into telemetry detection and SIEM pipelines for continuous monitoring.
• Establish standards best practices and documentation for firmware security and mentor engineers across the organization in building secure-by-default infrastructure.

Who You Are:

• 8 years of experience in security engineering platform security or systems/firmware engineering including substantial work with server or device firmware.
• Deep understanding of firmware and platform security concepts including secure/verified boot measured boot roots of trust and attestation (e.g. TPM-based or vendor-specific solutions).
• Hands-on experience with server and BMC ecosystems (e.g. UEFI/BIOS BMC/Redfish/IPMI bootloaders) and how they interact with operating systems and hypervisors.
• Strong Linux systems background including comfort working close to the hardware (kernel interfaces device drivers low-level debugging).
• Experience performing security reviews and/or reverse engineering of firmware or low-level code (e.g. UEFI bootloaders BMC firmware) using tools such as UEFITool CHIPSEC or similar.
• Proficiency in at least one systems programming or scripting language (e.g. C C Rust Go or Python) and the ability to build automation and validation tooling.
• Demonstrated ability to lead cross-functional initiatives influencing engineers and stakeholders across infrastructure hardware and operations teams.
• Strong written and verbal communication skills including the ability to explain complex technical topics to both deeply technical and non-technical audiences.

Preferred:

• Experience securing GPU accelerator or HPC platforms including familiarity with NVIDIA and/or other accelerator firmware stacks.
• Background working in a cloud provider hyperscaler or large-scale data center environment ideally with exposure to bare metal and containerized workloads.
• Familiarity with supply chain security practices for hardware and firmware including SBOMs signing workflows provenance tracking and vendor qualification.
• Experience designing and operating attestation pipelines (e.g. validating device state before admitting workloads or granting higher-trust roles).
• Contributions to open-source firmware or security projects security research publications or notable vulnerability discoveries (CVE credits bug bounties etc.).
• Bachelors or Masters degree in Computer Science Computer Engineering Electrical Engineering or equivalent practical experience.

Wondering if youre a good fit

We believe in investing in our people and value candidates who can bring their own diversified experiences to our teams even if you arent a 100% skill or experience match. Here are a few qualities weve found compatible with our team. If some of this describes you wed love to talk.

• You love digging into how systems really workfrom silicon and firmware up through the operating systemand you enjoy finding and fixing the weird edge cases.
• Youre curious about large-scale GPU infrastructure Kubernetes and containerized workloads and how to make them secure without slowing teams down.
• Youre an excellent collaborator who can lead with context bring others along on complex security decisions and ship pragmatic solutions in a fast-paced environment.

The base salary range for this role is $188000 to $275000. The starting salary will be determined based on job-related knowledge skills experience and market location. We strive for both market alignment and internal equity when determining addition to base salary our total rewards package includes a discretionary bonus equity awards and a comprehensive benefits program (all based on eligibility).